A proposal of a method for evaluating third-party authentication services

The security field is a highly studied area of knowledge, since the consequences of failing can be catastrophic; if an external user accesses information or function she should not be able to access. Third-party authentication is a growing concept that tries to remedy the
problem of users having to register at most websites they want to access. With an account at a third-party authentication service a user can access all websites that support the third-party service without having to register there. While this seems like a good architecture are
the capabilities and limitations of third-party services not well understood and there are no
common protocols for authenticating users.
This master thesis aims at increasing the knowledge about these services by reviews current literature in the field in order to define a method for evaluating third-party authentication services. Furthermore, in the scope of the thesis is to explore the possibility of circumventing
the problem that there is no common protocol for authenticating users by creating a plug-in based authentication solution that utilizes third-party authentication services for user authentication. An evaluation method that tries to to capture the essential aspects of third-party user authentication is proposed. In addition a proof-of-concept implementation of the previously mentioned plug-in based authentication solution is implemented to show that it is possible to circumvent the described problem.

Skapa referens, olika format (klipp och klistra)

BibTeX @mastersthesis{Josefsson2011,author={Josefsson, Erik and Stenbäcka, Erik},title={A proposal of a method for evaluating third-party authentication services},abstract={The security field is a highly studied area of knowledge, since the consequences of failing can be catastrophic; if an external user accesses information or function she should not be able to access. Third-party authentication is a growing concept that tries to remedy the
problem of users having to register at most websites they want to access. With an account at a third-party authentication service a user can access all websites that support the third-party service without having to register there. While this seems like a good architecture are
the capabilities and limitations of third-party services not well understood and there are no
common protocols for authenticating users.
This master thesis aims at increasing the knowledge about these services by reviews current literature in the field in order to define a method for evaluating third-party authentication services. Furthermore, in the scope of the thesis is to explore the possibility of circumventing
the problem that there is no common protocol for authenticating users by creating a plug-in based authentication solution that utilizes third-party authentication services for user authentication. An evaluation method that tries to to capture the essential aspects of third-party user authentication is proposed. In addition a proof-of-concept implementation of the previously mentioned plug-in based authentication solution is implemented to show that it is possible to circumvent the described problem.},publisher={Institutionen för data- och informationsteknik (Chalmers), Chalmers tekniska högskola},place={Göteborg},year={2011},note={51},}

RefWorks RT GenericSR ElectronicID 156657A1 Josefsson, ErikA1 Stenbäcka, ErikT1 A proposal of a method for evaluating third-party authentication servicesYR 2011AB The security field is a highly studied area of knowledge, since the consequences of failing can be catastrophic; if an external user accesses information or function she should not be able to access. Third-party authentication is a growing concept that tries to remedy the
problem of users having to register at most websites they want to access. With an account at a third-party authentication service a user can access all websites that support the third-party service without having to register there. While this seems like a good architecture are
the capabilities and limitations of third-party services not well understood and there are no
common protocols for authenticating users.
This master thesis aims at increasing the knowledge about these services by reviews current literature in the field in order to define a method for evaluating third-party authentication services. Furthermore, in the scope of the thesis is to explore the possibility of circumventing
the problem that there is no common protocol for authenticating users by creating a plug-in based authentication solution that utilizes third-party authentication services for user authentication. An evaluation method that tries to to capture the essential aspects of third-party user authentication is proposed. In addition a proof-of-concept implementation of the previously mentioned plug-in based authentication solution is implemented to show that it is possible to circumvent the described problem.PB Institutionen för data- och informationsteknik (Chalmers), Chalmers tekniska högskola,PB Institutionen för data- och informationsteknik (Chalmers), Chalmers tekniska högskola,LA engLK http://publications.lib.chalmers.se/records/fulltext/156657.pdfOL 30